Rev81: CHANGE: Sect. 11.1 Basic Authentication

Dave Kristol (dmk@allegra.att.com)
Fri, 31 May 96 12:39:51 EDT

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Ben Laurie: "Details..."
Previous message: jg@w3.org: "Re: WORKING GROUP LAST CALL"
Next in thread: jg@w3.org: "Re: Rev81: CHANGE: Sect. 11.1 Basic Authentication"
Reply: jg@w3.org: "Re: Rev81: CHANGE: Sect. 11.1 Basic Authentication"
Reply: Larry Masinter: "Re: Rev81: CHANGE: Sect. 11.1 Basic Authentication"
Reply: barili systems limited: "Re: Rev81: CHANGE: Sect. 11.1 Basic Authentication"

David Morris, dwmorris@netcom.com, asked Jim Gettys:
  > The question for the experts is:  Is there some 
  > protocol reason that userid shouldn't be redefined as
  >  *(TEXTnotCOLON)?
  > 
  > If need be, I or my crew could survey a few more browsers to build the
  > case for current practice. I'll be happy to post a proposed edit to the
  > list if there isn't an obvious reason to not make the change.

I can't think of a *protocol* reason.  Furthermore, I suspect any
robust server is indifferent to what characters precede ':' (including
CTLs!).  That's certainly true of my server and, I think, NCSA and
Apache.

So the question is, what do clients do?  I would welcome David's survey
of current practice before endorsing the change, but I think it's a
reasonable one.

Meanwhile, I offer the following change proposal:

Change:
	userid = [ token ]
To:
	userid = *TEXTnocolon
	TEXTnocolon = <any OCTET except CTLs and ":",
			but including LWS>

Dave Kristol

Next message: Ben Laurie: "Details..."
Previous message: jg@w3.org: "Re: WORKING GROUP LAST CALL"
Next in thread: jg@w3.org: "Re: Rev81: CHANGE: Sect. 11.1 Basic Authentication"
Reply: jg@w3.org: "Re: Rev81: CHANGE: Sect. 11.1 Basic Authentication"
Reply: Larry Masinter: "Re: Rev81: CHANGE: Sect. 11.1 Basic Authentication"
Reply: barili systems limited: "Re: Rev81: CHANGE: Sect. 11.1 Basic Authentication"